This is needed for the mailbox service to trust more recent root CA certificates, like ISRG Root X1. Updated openjdk-cacerts from the latest Mozilla certdata.txt.Since Ubuntu 14.04, Oracle Linux 6 and CentOS/RHEL 6 Operating Systems are deprecated, please refer to for the list of supported Operating Systems.įor questions or guidance with upgrading your operating system please open a support case and our Support team is here to assist you. Postfix has been upgraded from 3.5.6 to 3.6.1.Openldap has been upgraded from 2.4.49 to 2.4.59.Nginx has been upgraded from 1.19.0 to 1.20.0.So we urge our customers to review this configuration setting to ensure that there are no vulnerabilities are introduced. Zimbra would strongly recommend the customer to review whether the Proxy Servlet is configured to allow a particular host (via zimbraProxyAllowedDomains configuration setting on each class of services), please make sure each entry in zimbraProxyAllowedDomains should be a safe and trusted host, there should NOT be any wild card entries like *. instead use specific host .Īny entry in zimbraProxyAllowedDomains resolves to an internal IP address (such as 127.0.0.1), an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly.
JIRA KEYGEN.JAR PATCH
Please re-apply the patch to fix the issue.
The issue has been fixed with the updated packages. The backed up certificates were not added again and this resulted in a loss of all custom imported certificates and authorities. It replaced the open JDK ca store at /opt/zimbra/common/etc/java/cacerts after taking the backup of existing certificates in the directory.
JIRA KEYGEN.JAR UPDATE
A fix was delivered in this patch to update the store with the new trusted certificate authorities.
0 kommentar(er)
